Skip to main content

Configuring a new Service Connector for Log Collection

Each new data source needs to be setup for log collection for processing. This documentation covers the various steps that are part of setting up different data sources.

Configure Source Vendor Product

Follow the documented procedure to setup currently supported services. Documentation is available for the following services:

  • AlienVault USM (Appliance/Anywhere)
  • Amazon Web Services
  • Box
  • Carbon Black PSC/Response
  • Google GCP/GSuite
  • GCP Flowlogs
  • Hostlogs (Linux)
  • Microsoft Azure/Office365
  • Okta
  • Sophos Central - Endpoint

Configure Service Connector Credentials

Most applications will require taking the generated information based on the specific procedure and adding a credential set into the portal for access. The most notable except is for Amazon Web Services which does not require this step and can have the account setup in the portal directly.

  • Use ADMIN->CONNECTORS from the left channel and select "Manage connectors credentials" in the upper right to configure applicable integration credentials.
  • Select the application type from the available options.
  • Enter and submit the information based on the specific application setup procedure followed using the helper information provided.

Configure Service Connector Account

The final portion of the configuration will tell the portal which account to use for the application along with any credentials required for access to the information.

  • Use ADMIN->CONNECTORS from the left channel to configure the related accounts for the credentials or those that may not require credential setup (ie Amazon Web Services).
  • Select the application type from the available options.
  • Enter account information requested and attach any required credentials setup previously for the account using the helper information provided.